Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM77416FD07B2DAA2E37920BC2F3303C9D74CF0ED3F520E039DD6BE3E7B03C177C
HistoryJan 31, 2019 - 2:25 a.m.

Security Bulletin: Vulnerabilities in NTP affect IBM Chassis Management Module

2019-01-3102:25:02
www.ibm.com
6

0.089 Low

EPSS

Percentile

94.6%

JSON

Summary

IBM Chassis Management Module has addressed the following vulnerabilities in NTP.

Vulnerability Details

Summary

IBM Chassis Management Module has addressed the following vulnerabilities in NTP.

Vulnerability Details:

CVEID: CVE-2017-6464

Description: NTP is vulnerable to a denial of service. A remote authenticated attacker could exploit this vulnerability using a malformed mode configuration directive to cause the application to crash.

CVSS Base Score: 4.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123610&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-6463

Description: NTP is vulnerable to a denial of service. By sending an invalid setting, a remote authenticated attacker could exploit this vulnerability using the :config directive to cause the daemon to crash.

CVSS Base Score: 4.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123612&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-6460

Description: NTP is vulnerable to a denial of service, caused by a stack-based buffer overflow in ntpq. By sending a specially crafted request, a remote authenticated attacker could overflow a buffer and cause the application to crash.

CVSS Base Score: 4.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123618&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-6458

Description: NTP is vulnerable to a denial of service, caused by multiple buffer overflows in the ctl_put() functions. By sending an overly long string argument, a remote authenticated attacker could exploit this vulnerability to overflow a buffer and cause the application to crash.

CVSS Base Score: 4.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123616&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-9042

Description: NTP is vulnerable to a denial of service, caused by an error in the origin timestamp check functionality. By sending specially crafted packets, a remote authenticated attacker could exploit this vulnerability to cause the application to crash.

CVSS Base Score: 4.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123619&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Product Version
IBM Flex System Chassis Management Module (CMM) 2PET

Remediation/Fixes:

Firmware fix versions are available on Fix Central:
<http://www.ibm.com/support/fixcentral/&gt;.

Product Fix Version
IBM Flex System Chassis Management Module (CMM)
(ibm_fw_cmm_2pet14k-2.5.10k_anyos_noarch) 2PET14K-2.5.10k

Workaround(s) & Mitigation(s):

None

References:

Related Information:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Lenovo Product Security Advisories

Acknowledgement

None

Change History
09 November 2017: Original Copy Published

  • The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an โ€œindustry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.โ€ IBM PROVIDES THE CVSS SCORES โ€œAS ISโ€ WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Related

ibm 13
nessus 46
openvas 19
fedora 3
freebsd 1
freebsd_advisory 1
slackware 1
symantec 1
mageia 1
amazon 2
redhat 2
centos 2
cloudfoundry 1
aix 1
cve 5
prion 5
ubuntu 2
debiancve 5
redhatcve 5
cvelist 5
nvd 5
f5 5
ubuntucve 5
paloalto 1
veracode 3
checkpoint_advisories 1
oraclelinux 3
seebug 1
talos 1
ics 1
apple 2
ibm
ibm
Security Bulletin: Multiple vulnerabilities in ntp affect IBM Flex System Manager (FSM)
2018-06-18 01:38:11
Security Bulletin: Vulnerabilities in ntp affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems
2023-04-14 14:32:25
Security Bulletin: Vulnerabilities in NTP affect Power Hardware Management Console (CVE-2017-6464, CVE-2017-6463)
2021-09-22 23:05:38
nessus
nessus
SUSE SLES12 Security Update : ntp (SUSE-SU-2017:1047-1)
2017-04-19 00:00:00
SUSE SLES11 Security Update : ntp (SUSE-SU-2017:1052-1)
2017-04-19 00:00:00
SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2017:1048-1)
2017-04-19 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:1052-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1048-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1047-1)
2021-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: ntp-4.2.8p10-1.fc26
2017-04-01 18:10:49
[SECURITY] Fedora 25 Update: ntp-4.2.6p5-44.fc25
2017-03-29 01:35:03
[SECURITY] Fedora 24 Update: ntp-4.2.6p5-44.fc24
2017-04-18 16:49:59
freebsd
freebsd
FreeBSD -- Multiple vulnerabilities of ntp
2017-04-12 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-17:03.ntp
2017-04-12 00:00:00
slackware
slackware
[slackware-security] ntp
2017-04-22 16:42:41
symantec
symantec
SA147 : March 2017 NTP Security Vulnerabilities
2017-04-13 08:00:00
mageia
mageia
Updated ntp packages fix security vulnerability
2017-05-09 09:35:29
amazon
amazon
Medium: ntp
2017-04-20 05:54:00
Medium: ntp
2018-05-10 17:11:00
redhat
redhat
(RHSA-2017:3071) Moderate: ntp security update
2017-10-26 06:19:03
(RHSA-2018:0855) Moderate: ntp security, bug fix, and enhancement update
2018-04-10 05:02:34
centos
centos
ntp, ntpdate, sntp security update
2018-04-26 17:47:34
ntp, ntpdate security update
2017-10-26 11:47:10
cloudfoundry
cloudfoundry
USN-3349-1: NTP vulnerabilities | Cloud Foundry
2017-08-04 00:00:00
aix
aix
There are multiple vulnerabilities in NTPv3 and NTPv4 that impact AIX,There are multiple vulnerabilities in NTPv3 and NTPv4 that impact AIX.,There are multiple vulnerabilities in NTPv3 and NTPv4 that impact VIOS
2017-07-06 14:53:51
cve
cve
CVE-2016-9042
2018-06-04 20:29:00
CVE-2017-6460
2017-03-27 17:59:00
CVE-2017-6464
2017-03-27 17:59:00
prion
prion
Race condition
2018-06-04 20:29:00
Stack overflow
2017-03-27 17:59:00
Buffer overflow
2017-03-27 17:59:00
ubuntu
ubuntu
NTP vulnerabilities
2017-07-05 00:00:00
NTP vulnerabilities
2019-01-23 00:00:00
debiancve
debiancve
CVE-2016-9042
2018-06-04 20:29:00
CVE-2017-6460
2017-03-27 17:59:00
CVE-2017-6464
2017-03-27 17:59:00
redhatcve
redhatcve
CVE-2016-9042
2017-03-22 02:17:57
CVE-2017-6460
2017-03-22 02:18:22
CVE-2017-6458
2017-03-22 02:18:17
cvelist
cvelist
CVE-2016-9042
2017-03-29 00:00:00
CVE-2017-6458
2017-03-27 17:00:00
CVE-2017-6460
2017-03-27 17:00:00
nvd
nvd
CVE-2016-9042
2018-06-04 20:29:00
CVE-2017-6460
2017-03-27 17:59:00
CVE-2017-6458
2017-03-27 17:59:00
f5
f5
K39041624 : NTP vulnerability CVE-2016-9042
2017-05-11 00:00:00
K31310492 : NTP vulnerability CVE-2017-6460
2017-05-08 00:00:00
K99254031 : NTP vulnerability CVE-2017-6458
2017-05-08 00:00:00
ubuntucve
ubuntucve
CVE-2017-6460
2017-03-27 00:00:00
CVE-2017-6464
2017-03-27 00:00:00
CVE-2017-6458
2017-03-27 00:00:00
paloalto
paloalto
NTP Vulnerability
2017-07-27 17:15:00
veracode
veracode
Arbitrary Code Execution
2020-09-21 06:30:33
Denial Of Service (DoS)
2019-05-02 06:37:19
Denial Of Service (DoS)
2019-05-02 06:37:19
checkpoint_advisories
checkpoint_advisories
Network Time Protocol Daemon peer xmit mode Denial of Service (CVE-2017-6464)
2017-05-11 00:00:00
oraclelinux
oraclelinux
ntp security update
2018-12-19 00:00:00
ntp security, bug fix, and enhancement update
2018-04-16 00:00:00
ntp security update
2017-10-26 00:00:00
seebug
seebug
Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability(CVE-2016-9042)
2017-09-20 00:00:00
talos
talos
Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability
2017-03-29 00:00:00
ics
ics
Siemens SIMATIC NET CP 443-1 OPC UA
2021-06-08 12:00:00
apple
apple
About the security content of macOS High Sierra 10.13
2017-09-25 00:00:00
About the security content of macOS High Sierra 10.13 - Apple Support
2020-02-06 07:51:09

0.089 Low

EPSS

Percentile

94.6%

JSON
Related for 77416FD07B2DAA2E37920BC2F3303C9D74CF0ED3F520E039DD6BE3E7B03C177C
ibm13nessus46openvas19fedora3freebsd1freebsd_advisory1slackware1symantec1mageia1amazon2redhat2centos2cloudfoundry1aix1cve5prion5ubuntu2debiancve5redhatcve5cvelist5nvd5f55ubuntucve5paloalto1veracode3checkpoint_advisories1oraclelinux3seebug1talos1ics1apple2